From 6d2e9365c0fb1bea804743245d79a5b97e3af108 Mon Sep 17 00:00:00 2001
From: AAGaming
Date: Wed, 21 Feb 2024 01:08:25 -0500
Subject: more major websocket progress
---
 backend/decky_loader/helpers.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'backend/decky_loader/helpers.py')
diff --git a/backend/decky_loader/helpers.py b/backend/decky_loader/helpers.py
index 2d5eb6dd..f4005cc5 100644
--- a/backend/decky_loader/helpers.py
+++ b/backend/decky_loader/helpers.py
@@ -12,7 +12,7 @@ from aiohttp.web import Request, Response, middleware
 from aiohttp.typedefs import Handler
 from aiohttp import ClientSession
 from .localplatform import localplatform
-from .customtypes import UserType
+from .enums import UserType
 from logging import getLogger
 from packaging.version import Version
@@ -23,6 +23,7 @@ csrf_token = str(uuid.uuid4())
 ssl_ctx = ssl.create_default_context(cafile=certifi.where())
 assets_regex = re.compile("^/plugins/.*/assets/.*")
+dist_regex = re.compile("^/plugins/.*/dist/.*")
 frontend_regex = re.compile("^/frontend/.*")
 logger = getLogger("Main")
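Review bot: `dist_regex` exempts more than the plugins' dist directories from the token check: `.*` also spans `/`, and in csrf_middleware (the `@@ -34,7 +35,18 @@` hunk) it is matched against `str(request.rel_url)`, which as far as I can tell includes the query string, so any URL under `/plugins/` that carries `/dist/` anywhere later in it skips the `Authentication` comparison. Anchoring the plugin name to a single segment and matching the path only would keep the exemption to what is intended: `dist_regex = re.compile(r"^/plugins/[^/]+/dist/")` together with `dist_regex.match(request.rel_url.path)`. The neighbouring `assets_regex` has the same shape and would benefit from the same tightening. A one-line comment above the three patterns, `# Routes matched by these patterns are served without the CSRF token.`, would make that consequence visible to whoever adds the next one.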
@@ -34,7 +35,18 @@ def get_csrf_token():
 @middleware
 async def csrf_middleware(request: Request, handler: Handler):
- if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or str(request.rel_url.path) == "/ws" or assets_regex.match(str(request.rel_url)) or dist_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
+ if str(request.method) == "OPTIONS" or \
+ request.headers.get('Authentication') == csrf_token or \
+ str(request.rel_url) == "/auth/token" or \
+ str(request.rel_url).startswith("/plugins/load_main/") or \
+ str(request.rel_url).startswith("/static/") or \
+ str(request.rel_url).startswith("/steam_resource/") or \
+ str(request.rel_url).startswith("/frontend/") or \
+ str(request.rel_url.path) == "/ws" or \
+ assets_regex.match(str(request.rel_url)) or \
+ dist_regex.match(str(request.rel_url)) or \
+ frontend_regex.match(str(request.rel_url)):
+
 return await handler(request)
 return Response(text='Forbidden', status=403)
-- cgit v1.2.3
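Review bot: The rewritten condition in csrf_middleware is held together by backslash continuations and converts `request.rel_url` to a string on almost every line, which makes this security-relevant allow-list harder to audit than it needs to be. A parenthesised expression with the URL converted once and the four prefix tests folded into a single `startswith` tuple reads as a list of exemptions. The `frontend_regex.match(...)` test can go, since the `/frontend/` prefix check already accepts everything that pattern accepts. The blank line between the `if` header and its body should be dropped as well. The sketch below keeps the behaviour as committed.

```python
async def csrf_middleware(request: Request, handler: Handler):
    url = str(request.rel_url)
    exempt = (
        str(request.method) == "OPTIONS"
        or request.headers.get('Authentication') == csrf_token
        or url == "/auth/token"
        or url.startswith((
            "/plugins/load_main/",
            "/static/",
            "/steam_resource/",
            "/frontend/",
        ))
        or str(request.rel_url.path) == "/ws"
        or assets_regex.match(url)
        or dist_regex.match(url)
    )
    if exempt:
        return await handler(request)
    # … unchanged: 403 Forbidden response …
```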